CIA Special Agent 767
CIA Special Agent 767 is a trojan that pretends to be from the CIA. It is part of the M4N1F3STO family. It is aimed at English-speaking users.

Payload

Transmission

CIA Special Agent 767 is distributed using fake software cracks or through free programs the user downloads from the Internet.

CIA Special Agent 767 displays a screen containing a CIA badge that states that the files on the computer have been encrypted. It then prompts you to pay an "early bird" discounted price of $100 to the listed bitcoin address to get the decryption key. It goes on to state that the amount will increase to $250 after 5 days. If the time keeps counting and there is still no payment made, the sum grows to $500. This message is fake, though: the files are not encrypted, and this is simply a lock screen trying to trick you into paying a ransom.

The text in the screenlocker says the following:

IMPORTANT! PLEASE READ!

Unfortunately the files on this computer (documents, photos, videos) have been encrypter using an extremely secure and unbreakable algorithm. This means that the files are now useless unless they are decrypted using a key.

The good news is that your files are not lost forever! This tool is able to rescue the files on your computer for you!

BY PURCHASING A LICENSE FROM US, WE ARE ABLE TO RESCUE YOUR FILES 100% GUARANTEED FOR EVERY LOW EARLY BIRD PRICE OF ONLY $100 USD!* In 5 days however, the price of this service will increase to $250 USD, and after $500 USD.

Payment is accepted in Bitcoin only. You can purchase Bitcoin very easily in your area by bank transfer, Western Union, or even cash. Visit www.localbitcoins.com to find a seller in your area. You can also goolge Bitcoin Exchanges to find other methods for buying Bitcoin

Please check the current price of Bitcoin and ensure you are sending the correct amount before making your payment! Visit www.bitcoinaverage.com for the current Bitcoin Price.

After making your payment, please wait up to 24 hours for us to make your key available. Usually done in much less time however.

IMPORTANT: Once the key is available and you click "Decrypt Files", please wait and let the decryption process complete before closing this tool. This Process can take from 15 minutes to 2+ hours depending on how many files need to be decrypted. You will get a notification thatthe decryption process is complete, at which time you can click "Exit". Removing this tool from your computer without first decrypting your files will cause your files to be lost forever.

Bitcoin Address: 1GmGBH9ra2dqA8CgRg8a8Rngx4qHb2hLDW

*Please note that early bird qualification is determined from the date that this tool was first run as recorded on our servers.

Once the correct pass code is entered, the alert that is shown will contain this text:

JUST DELETE IT TO REMOVE IT HAHA YOU HAVE BEEN FOOLED